rpms/kdegraphics/devel post-3.5.7-kdegraphics-CVE-2007-3387.diff, NONE, 1.1 kdegraphics.spec, 1.105, 1.106
Rex Dieter (rdieter)
fedora-extras-commits at redhat.com
Mon Aug 13 19:05:55 UTC 2007
Author: rdieter
Update of /cvs/pkgs/rpms/kdegraphics/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11387
Modified Files:
kdegraphics.spec
Added Files:
post-3.5.7-kdegraphics-CVE-2007-3387.diff
Log Message:
* Mon Aug 13 2007 Rex Dieter <rdieter[AT]fedoraproject.org> = 7:3.5.7-2
- CVE-2007-3387 (#251509, #251511)
- License: GPLv2
post-3.5.7-kdegraphics-CVE-2007-3387.diff:
--- NEW FILE post-3.5.7-kdegraphics-CVE-2007-3387.diff ---
Index: kpdf/xpdf/xpdf/Stream.cc
===================================================================
--- kpdf/xpdf/xpdf/Stream.cc (revision 689574)
+++ kpdf/xpdf/xpdf/Stream.cc (working copy)
@@ -411,9 +411,9 @@ StreamPredictor::StreamPredictor(Stream
nVals = width * nComps;
if (width <= 0 || nComps <= 0 || nBits <= 0 ||
- nComps >= INT_MAX / nBits ||
- width >= INT_MAX / nComps / nBits ||
- nVals * nBits + 7 < 0) {
+ nComps > gfxColorMaxComps || nBits > 16 ||
+ width >= INT_MAX / nComps ||
+ nVals >= (INT_MAX - 7) / nBits) {
return;
}
pixBytes = (nComps * nBits + 7) >> 3;
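Review bot: the context line `nVals = width * nComps;` still executes before the new `width >= INT_MAX / nComps` test, so for oversized inputs the multiplication has already overflowed by the time the condition rejects them (undefined behaviour if these are signed `int`, as the `INT_MAX` bounds suggest). Short-circuit evaluation means the overflowed `nVals` is not read in that case, but it would be cleaner to move the assignment below the validation so the product is only formed once `width` and `nComps` are known to be in range. The literal `16` limit on `nBits` would also benefit from a short comment saying where the bound comes from, as `gfxColorMaxComps` does by name.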
Index: kdegraphics.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kdegraphics/devel/kdegraphics.spec,v
retrieving revision 1.105
retrieving revision 1.106
diff -u -r1.105 -r1.106
--- kdegraphics.spec 16 Jun 2007 23:35:38 -0000 1.105
+++ kdegraphics.spec 13 Aug 2007 19:05:13 -0000 1.106
@@ -7,9 +7,9 @@
Summary: K Desktop Environment - Graphics Applications
Epoch: 7
Version: 3.5.7
-Release: 1%{?dist}
+Release: 2%{?dist}
-License: GPL
+License: GPLv2
Group: Applications/Multimedia
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Url: http://www.kde.org
@@ -18,16 +18,17 @@
Patch1: kdegraphics-3.3.0-misc.patch
Patch2: kdegraphics-3.3.1-xorg.patch
Patch3: kdegraphics-3.5.1-warning.patch
+# http://www.kde.org/info/security/advisory-20070730-1.txt
+Patch4: ftp://ftp.kde.org/pub/kde/security_patches/post-3.5.7-kdegraphics-CVE-2007-3387.diff
-Requires: ghostscript
-Requires: ghostscript-fonts
+Requires: ghostscript ghostscript-fonts
BuildRequires: gettext
BuildRequires: kdelibs-devel >= 6:%{version}
BuildRequires: libmng-devel
+BuildRequires: libpng-devel
BuildRequires: libtiff-devel
BuildRequires: libungif-devel
-BuildRequires: libpng-devel
%ifnarch s390 s390x
%define kamera 1
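Review bot: `Patch4:` points at an `ftp://` URL, which gives no integrity protection if the file is ever fetched again from upstream. The commit adds the diff to CVS, so the build uses the checked-in copy, but it would help to record next to the advisory link how that copy was verified. Separately, the `Requires:` merge and the `libpng-devel` reordering in this hunk are cosmetic; keeping them out of the security update would make the CVE change easier to audit and backport.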
@@ -106,6 +107,7 @@
%patch1 -p1 -b .misc
%patch2 -p1 -b .xorg
%patch3 -p1 -b .gcc-warning
+%patch4 -p0 -b .CVE-2007-3387
%if 0%{!?rhel:1}
DO_NOT_COMPILE=""
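Review bot: `%patch4 -p0 -b .CVE-2007-3387` uses `-p0` while patches 1 to 3 use `-p1`. That matches the paths in the added diff (`kpdf/xpdf/xpdf/Stream.cc` with no leading directory component), but the difference is easy to mistake for a typo; a one-line comment noting that the upstream patch is relative to the source root would save the next maintainer from "fixing" it.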
@@ -307,6 +309,10 @@
%changelog
+* Mon Aug 13 2007 Rex Dieter <rdieter[AT]fedoraproject.org> = 7:3.5.7-2
+- CVE-2007-3387 (#251509, #251511)
+- License: GPLv2
+
* Mon Jun 11 2007 Rex Dieter <rdieter[AT]fedoraproject.org> - 7:3.5.7-1
- 3.5.7
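Review bot: the new `%changelog` header separates the e-mail address and the version with `=` (`= 7:3.5.7-2`), whereas the existing entry below it uses `-` (`- 7:3.5.7-1`). This looks like a slip of the key; use `- 7:3.5.7-2` so the entry matches the format of the other entries and any tooling that parses the version from the header line.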